Intel CPU Vulnerability Can Expose Cryptographic Keys

One of the vulnerabilities patched recently by Intel in its processors could allow an attacker with physical access to the targeted system to obtain cryptographic keys, according to the cybersecurity firm whose researchers discovered the flaw.

The security hole, tracked as CVE-2021-0146 and rated high severity, impacts Pentium, Celeron and Atom CPUs on mobile, desktop and embedded devices. Affected Atom IoT processors are present in many cars, apparently including ones made by Tesla.

Intel announced the availability of fixes when it released its November 2021 Patch Tuesday updates.

“Hardware allows activation of test or debug logic at runtime for some Intel processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access,” Intel said in its advisory.

The issue was identified by researchers at Russian cybersecurity firm Positive Technologies, which was sanctioned by the United States earlier this year due to its alleged ties to Russian intelligence.

Positive Technologies revealed on Monday that the vulnerability found by its researchers in Intel processors is related to “debugging functionality with excessive privileges, which is not protected as it should be.”

One theoretical attack scenario described by the company involves a lost or stolen laptop storing confidential information that is encrypted. An attacker could exploit CVE-2021-0146 to extract the encryption key needed to access the confidential information.

“The bug can also be exploited in targeted attacks across the supply chain. For example, an employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME firmware key and deploy spyware that security software would not detect,” explained Mark Ermolov, one of the researchers who discovered the flaw.

“This vulnerability is also dangerous because it facilitates the extraction of the root encryption key used in Intel PTT (Platform Trust Technology) and Intel EPID (Enhanced Privacy ID) technologies in systems for protecting digital content from illegal copying,” Ermolov added. “For example, a number of Amazon e-book models use Intel EPID-based protection for digital rights management. Using this vulnerability, an intruder might extract the root EPID key from a device (e-book), and then, having compromised Intel EPID technology, download electronic materials from providers in file form, copy and distribute them.”

This is not the only CPU vulnerability for which Intel has announced patches this month. The chipmaker also informed users about two high-severity issues in the BIOS reference code of some processors, which can allow a privileged attacker to escalate privileges via local access.

These flaws are tracked as CVE-2021-0157 and CVE-2021-0158, and they impact Xeon, Core, Celeron and Pentium processors.

Major computer vendors such as Dell, Lenovo and HP have informed their customers about the availability of patches for these vulnerabilities.

Related: Intel, VMware Join Patch Tuesday Parade

Related: Intel Patches High-Severity Flaws in NUC 9 Extreme Laptops, Ethernet Linux Drivers